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About This Guide 
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About This Guide 


This guide helps to get started with Qualys Custom Assessment and Remediation (CAR). 
However, it does not include procedural help for various operations in CAR. For step-by- 
step procedural help, refer to the Qualys CAR Online Help. 


About Qualys 


Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and 
compliance solutions. The Qualys Cloud Platform and its integrated apps help businesses 
simplify security operations and lower the cost of compliance by delivering critical 
security intelligence on demand and automating the full spectrum of auditing, 
compliance and protection for IT systems and web applications. 


Founded in 1999, Qualys has established strategic partnerships with leading managed 
service providers and consulting organizations including Accenture, BT, Cognizant 
Technology Solutions, Deutsche Telekom, Fujitsu, HCL, HP Enterprise, IBM, Infosys, NTT, 
Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a 
founding member of the Cloud Security Alliance (CSA). For more information, please visit 
www.qualys.com. 


Qualys Support 


Qualys is committed to providing you with the most thorough support. Through online 
documentation, telephone help, and direct email support, Qualys ensures that your 
questions will be answered in the fastest time possible. We support you 7 days a week, 
24 hours a day. Access support information at www.qualys.com/support/. 
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About Qualys Custom Assessment and 
Remediation 


Enterprises usually have large number of assets that need to be continuously assessed 
and immediately remediated for any security gaps. Manually initiating assessment or 
remediation for each asset in the network is not only challenging, but time consuming as 
well. Traditional solutions do not provide response capabilities to execute commands for 
custom detection and initiating quick remediations, all from a single platform. 


Qualys CAR provides a centralized way to proactively assess your assets for blind spots in 
custom configurations and zero-day vulnerabilities. It allows you to execute custom 
scripts to improve compliance and security posture of assets in your network. With CAR, 
you can execute scripts for enhanced detections and response measures. It enables you to 
create or upload custom logics and execute them across the environment to assess and 
improve the compliance and security posture of the assets, eliminating the need for third- 
party software for executing custom scripts. 


Note: This guide does not include procedural help for various operations in CAR. For 
procedural help, refer to the Qualys CAR Online Help. 
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Getting Started with CAR 


Pre-requisites 


- The CAR app should be enabled for your subscription. To get it enabled, contact your 
Technical Account Manager. 


- For Windows, you need Qualys Cloud Agent 4.6.1.6 or later and for Linux, you need 
Qualys Cloud Agent 4.7.0 or later. 


Refer to: 
Cloud Agent for Windows Installation Guide 


Cloud Agent for Linux Installation Guide 


Define User Roles 


You must have the user roles defined to get started with Qualys CAR. Not all users have 
access to execute all the operations; hence, user segregation is a better way to streamline 
the process of script execution in your environment. 


Qualys CAR uses role-based access control (RBAC) permissions that control access to the 
various CAR functions. The four predefined roles are: 


- Manager 

- Author 

- Auditor 

- Viewer 

- Operations 


To know more about the roles and permissions in Qualys CAR, refer to the Appendix A. 


Supported Platforms 

CAR supports Linux and Windows platforms. 

Linux: Lua, Perl, Python, Shell 

Note: 

- For Python script, Python3 must be installed 

- For Perl script, any version of Perl must be installed 

Windows: PowerShell, Python, VBScript 

Note: VBScripts are run in batch mode. 

Following points must be kept in mind if you use Python on Windows platform: 


- If Python is installed by using the setup, it should be installed for all users on the client 
machine. The installation location must be added to the system path variable. 


Getting Started with CAR 


- If Python is installed by using portable zip, the path of the directory containing 
python.exe must be added to the system path variable. 
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Working with Scripts in CAR 


Qualys CAR has a repository of scripts stored in its database. These scripts can be applied 
to multiple assets and tags. 


You can share the output of the script execution job with different apps that have been 
registered to get the script output. 


The maximum script size allowed for Linux and Windows assets is 500 KB. 
CAR comes with the following features: 


- Provides a framework to maintain a repository of generic scripts that can be executed on 
assets and the output of the scripts is shared with the applications in your Qualys 
subscription. 


- Creates a command manifest of the scripts and sends it across to the agent through CAS 
for script execution on the agent. The agent executes the script and returns the script 
output to CAR via API Gateway. 


- Allows the output of a script execution to be shared with other Qualys apps that are 
registered to fetch the script output. 


A typical CAR workflow includes the following: 
* Create a script 
* Test a script (optional) 
* Review a script 


* On Demand Execution (Run Now) or Scheduled Execution 


About Script Creation and Other Tasks 


You can create a custom script and add information in the required fields, select required 
assets, and assign tags. 


Note: You can create up to 2000 scripts per subscription. 
Prerequisites for Linux agents: 

- For Python script: Python3 must be installed 

- For Perl script: Any version of Perl must be installed 
Prerequisite for Windows agents: 


- For Python script: Python must be installed and the install location should be added to 
SYSTEM PATH variable. 


For information on how to create a script, refer to the Creating Scripts. 
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Script Testing 
You can test the script on test assets before executing it on production assets. 


This step is optional; however, it is recommended to test the script to avoid any failure in 
the production environment. 


T 


Iesting can be done before or after a script is reviewed and approved. 
In case of failure, you can edit the script and check for possible issues for failure. 


For information on how to test a script, refer to the Testing Scripts. 


Script Reviews and Approval 


Reviewing scripts is a one-time activity; therefore, Review option is disabled once a script is 
approved. 


For information on how to review and approve a script, refer to the Reviewing and 
Approving Scripts. 


Script Execution 


You can execute a script only after it is approved. A new job is created when you execute a 
script and is listed under the Jobs tab. 


You may also want to test the script before executing. 


When a script is executed, a parent job is created to contain all the activities that are 
carried out on individual assets added to the script. The applicable asset list for a script is 
evaluated at run time. 


While setting up script execution, the threshold time indicates how long a script must be 
in execution. 


You can configure the threshold time and script size values on Qualys Cloud Platform. 


If the applicable assets list results in no assets being eligible, then the parent job does not 
contain any associated asset jobs in it. The count of asset jobs for such script runs 
remains zero. This can happen when an imported script is executed before adding assets 
to it. It can also happen if a tag included in the script does not result in any asset being 
eligible to run the script depending on asset OS and activated modules. 


Note: All the assets that participate in script run should have NTP sync set up. This is 
required for the date and time values to get interpreted correctly with Qualys Platform 
communication. 


For information on how to execute a script, refer to Executing Scripts. 


Managing Scripts 


Apart from the primary tasks related to script creation and execution, you can perform 
many other tasks such as importing or exporting scripts, cloning scripts, editing scripts, or 
even viewing the details of a script run after a script is executed. 


Working with Scripts in CAR 
Managing Scripts 


Here's some brief information on the various tasks related to managing scripts: 


Task 


Description 


Export and import 
scripts 


You can export a script and save it on your local computer and use 
in another environment by importing. Importing a script only 
imports the script details and excludes the meta data such as 
asset tags. You will have to add assets and tags to the script after 
you import. 

The script is exported in JSON format. 


Edit scripts 


You can edit a script as long as it is not approved and executed. 
You cannot edit a script once it is approved; you can only edit 
other details of the script such as the script name, its description 
and severity. 


Clone scripts 


You can copy an existing script along with its assets and tags and 
other properties except the status. Even if you clone an approved 
script, you must get it reviewed and approved before you execute 
it. You cannot clone deprecated and rejected scripts. 


Download scripts 


You can download the script meta-data in CSV format. 


You can download maximum up to 5000 records for Scripts and 
Jobs. For Audit Logs, you can download a maximum of 100 records 
ata time. 


Deprecate scripts 


You can deprecate a script that's no longer required. Once a script 
is deprecated, only the View Details option is enabled in the Quick 
Actions drop-down menu. 


Note: A deprecated script is automatically removed after 7 days 
as part of a scheduled job. 


View script status 


Once a script is created, it moves through various statuses: 


Pending Test: A newly created or cloned (from existing script) 
script is displayed in the Pending Test state. 

Pending Review: When the script is tested on test assets, it is 
moved to Pending Review status. 

Approved: When script is reviewed and approved for production, 
it is displayed as 'Approved'. 

Rejected: When script is reviewed and is not approved for 
production, it is displayed as 'Rejected'. 

Deprecated: When a script is deprecated, it is displayed as 
‘Deprecated’. 


Task 


Working with Scripts in CAR 
Managing Scripts 


Description 


View Script Details 


You can view the output of all the scripts executed or tested in 
Asset Jobs. 


View activity logs 


The Activity Logs tab shows all the activities performed by users 
with respect to scripts. You can search the activities using the 
search bar or you can filter using the left navigation pane. 

You can narrow your search by using the following QQL tokens in 
the search box: 

- activity: 

- user: 

- target Type: 


For information various operations related to managing scripts, refer to Managing Scripts. 
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About Script Schedules 


You can create a schedule to enable script execution at a specific date and time in future. 
Schedules can be of two types: 

- One-time schedule 

- Recurring schedule 


In a recurring schedule, you can specify the date and time for the first script run and the 
date for the last script run. 


Note: The status of a script is shown as 'Expired' when the end date specified for the 
recurring schedule has elapsed. 


For information on how to schedule a script and other related topics, refer to the Working 
with Script Schedules. 


Here's some brief information on the various tasks related to script schedules: 


Task Description 


Schedule a script execution Ascript can be scheduled to be automatically executed 
at a specified date and time. You can schedule a script 
for one-time execution or as a recurring job. A script 
can be scheduled from the Quick Actions menu in 
the Scripts sub-tab or from the Schedules sub-tab. 


Only an approved script can be scheduled. You can also 
delete a schedule or edit to make changes as per your 


requirement. 
View schedule details You can view the details of an existing schedule in the 
Scripts » Schedules sub-tab. 
Activate and deactivate When you create a schedule, you can activate the 
schedules schedule immediately by clicking Save & Activate. 


Alternatively, you can activate it later from the 
Schedules sub-tab. 


Note: You cannot activate a schedule if the script 
selected for the schedule is deprecated or deleted. 


View job details of a You can select a schedule and view its status and other 

schedule corresponding details. You can choose to view details 
of the most recent job or all jobs within a recurring 
cycle. 


Select a schedule from the Schedules sub-tab or use 
any of the following QQL tokens in the search box: 

- name: 

- id: 
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Job Status of Scripts and Schedules 


After a script or a schedule is created, you can view the details and their current statuses 
in the Jobs tab. 


When a script is executed, the job name displayed is same as the script name. When a 
script is tested, the job name is displayed as Test-<ScriptName-TimestampEpoch> 
(milliseconds not included). 


In the Jobs tab, you can search for script jobs by using the following QQL tokens in the 
search box: 


- script.category: 

- Script.name: 

- script.type: 

- ScriptId: 

You can search for scheduled jobs by using the following QQL tokens in the search box: 
- schedulerld: 

- schedulerName: 


According to the CAR Data Retention policy, the jobs and asset jobs are automatically 
deleted after seven days as part of a scheduled job. Refer to the Data Retention Policy 
section in the Appendix 
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About CAR Dashboards 


CAR allows you to create multiple dashboards and switch between them to access 
relevant information in an instant. The Script Run Summary dashboard is the default 
CAR dashboard and has a collection of seven default widgets showing data of your 
interest, which are updated in real-time. 


Following are the default widgets in the CAR dashboard: 
- Number of Scripts Group by Script Category 
- Number of Scripts Group by Script Type 


Number of Scripts by Approval Status 


f, 


Number of Scripts Group by Platform 


Number of Scripts Created by Users 


- Number of Jobs Group by Script Category 


- Scripts with Blacklisted Commands 


Script Run Overview 


> iz Al Last30Days v © Total Widgets Count: 5 / 80 o C ds 


NUMBER OF SCRIPTS GROUP BY SCRIPT CATEGORY NUMBER OF SCRIPTS GROUP BY SCRIPT TYPE 


SCRIPTS WITH BLACKLIST COMMANDS 


Us) 


You can use the default CAR dashboard provided by Qualys or easily configure widgets to 
fetch information from other Qualys modules and add them to your dashboard. You can 
also add as many dashboards as you like to customize your application view. 


CAR is integrated with Unified Dashboard (UD). UD brings information from all Qualys 
applications into a single place for visualization. 


For information on creating widgets, dashboards, templates, and more, refer to the Unified 
Dashboard Online Help. 
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Appendix A 


Required Roles and Permissions 


You must have the user roles defined to get started with Qualys CAR. Not all users have 
access to execute all the operations; hence, user segregation is a better way to streamline 
the process of script execution in your environment. 


These roles give an additional level of security against running a script without oversight. 


Roles Permission 


Manager General UI: Access 
Script: View, Create, Review and Approve, Evaluate, 

Update, Deprecate, Execute, Import, Export, Delete, 

Download 

Schedule: View, Create, Update, Delete, Activate, 

Deactivate, Download 

Jobs: View, Download, Delete 

Audit Logs: View, Download 

Dashboard: View, Update, Create, Download, Print, 

Delete 


Author General UI: Access 
Script: View, Create, Evaluate, Update, Import, Export, 
Download 

Schedule: View, Create, Update, Delete, Download 
Jobs: View 

Audit Logs: View 

Dashboard: View 


Auditor General UI: Access 
Script: View 
Schedule: View, Download 
Jobs: View, Download 
Audit Logs: View, Download 
Dashboard: View, Download, Print 


Viewer General UI: Access 
Script: View 
Schedule: View 
Jobs: View 
Audit Logs: View 
Dashboard: View 


Operations General UI: Access 
Script: View, Execute, Import, Export, Download 
Schedule: View, Create, Activate, Deactivate, Update, 
Delete, Download 
Jobs: View 
Audit Logs: View 
Dashboard: View 
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Manifest Status 


Current State 


Next State 


Appendix A 
Manifest Status 


Action for State Transition 


Manifest Manifest Service Initial State when a Asset Job is created 
Generation In 
Progress 
Manifest Manifest Manifest is sent to Cloud Agent Service (CAS) 
Generation In Published 
Progress 
Manifest Manifest CAS send the manifest received feedback to CAR 
Published Assigned 
Manifest Manifest Agent sends the Manifest Download confirmation 
Assigned Downloaded 

Success/Failed 
Manifest Manifest Parsed Agent sends the Manifest Parsed message 
Downloaded Success/Failed 
Success/Failed 
Manifest Parsed Manifest Agent sends this message after Script execution is 
Success/Failed Execution complete 

Success/Failed 
Manifest Script Result Agent uploads the Script output to API Gateway 
Execution Upload 


Success/Failed 


Success/Failed 


Script Result 
Upload 
Success/Failed 


Success/Failed 


Success indicates the execution of script is 
Successful/Failed 


Data Retention Policy 


According to the CAR Data Retention policy, if a script is not modified/executed for 6 
months, it will be automatically deprecated. And a deprecated script will be automatically 
deleted after 7 days as part of a scheduled job. Also, the jobs and asset jobs will be 
automatically deleted after 7 days as part of a scheduled job. 


Blacklisted Commands 


Some scripts might contain blacklisted commands. Author will be notified about the 
blacklisted command while reviewing the scripts. 


The list of blacklisted commands is mentioned for your reference: 
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Linux 


Shell 


Appendix A 
Blacklisted Commands 


rm, dd, mkfs, > /dev/sd, > /dev/hd, mv, wget, find, useradd, cp, chmod, kill, 
fdisk, chown, umask, shutdown, reboot, mount, unmount, killall, touch, 
chatty, :(){:|:&};:, mkfs.ext3 

/dev/sd,dd if=/dev/random ofz/dev/sd,mv / /dev/null, gunzip, untar, at, 
curl, sudo, In, apt-get, yum, sh, iptables, rpm 

-V,rpm -verify, pwck, stat, du, service --status-all, lsof, getent, df 


Lua 


os.remove, os.rename, wget, string.find, cp, os.shutdown(), 
os.reboot(), lua 


Perl 


rm, move, get, File::Find, copy, chmod, kill, kill(), chown, umask, 
shutdown, reboot, open, symlink, ppm, per 


Python 


os.remove, os.rmdir, shutil.rmtree, shutil.move, wget.download, 
find, os.walk, useradd, shutil 


copy, os.chmod, os.kill, os.chown, shutil.chown, os.umask, 
shutdown, reboot, open, pycurl.Curl, os.symlink, pip, pip3, python, 
python3 


Windows 


Python 


os.remove,os.rmdir,shutil.rmtree,shutil.move,wget.download,find,o 
s.walk,useradd,shutil 


copy,os.chmod,os.kill,os.chown,shutil.chown,os.umask,shutdown,r 
eboot,open,pycurl.Curl,os.symlink,pip,pip3,python,python3 


Powershell 


del,erase,rd,ri,rm rmdir, Remove-Item,mv,move,mi,Move- 
Item, weget,Invoke-WebRequest,Get-Item,Get-ChildItem,new- 
localuser,new-aduser, 


copy,cp,cpi, Copy-Item,cacls,icacls,set-acl, kill, taskkill,Stop- 
Process,New-Partition,icacls,takeown,set-acl,shutdown, 


stop-computer,restart,shutdown /rrestart-computer,mount,mount- 
DiskImage, New-PSDrive, Dismount-DiskImage,get-process 


| stop-process,ni,New-Item, attrib, %0|%0,Expand-Archive,New- 
ScheduledTask,curl,Invoke-WebRequest,Invoke- 
RestMethod,runas, /script.ps1,powershell 


script.ps1,netsh firewall,netsh advfirewall,icacls,Get-Service 


VBScript 


DeleteFolder, DeleteFile, MoveFolder, MoveFile, get, CopyFolder, 
CopyFile, cacls, taskkill, icacls, takeown, shutdown, CreateTextFile, 
attrib, WScript, CScript 
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Appendix B 


CAR Use Cases 


This chapter includes use cases to show you how you can leverage Qualys CAR to identify 
zero-day vulnerabilities and other security threats, modify the configuration of an 
application or an Operating System, or even implement a security policy as a part of your 
response program to secure your environment - all by executing custom scripts on scoped 
assets within your network. 


Let's consider this for an example - you want to identify the assets that have Log4j 
installed, and then detect instances that are infected by Log4Shell. The power of the 
Qualys Cloud Platform along with the detection and remediation capabilities of CAR help 
you to identify the potentially vulnerable assets in the environment and initiate 
remediation to quickly close the security gaps. 


In the similar way, you can also create and execute custom scripts for sensitive data 
protection, identity management, zero-day threats and so on. 


To know more about the use-case based script templates on Qualys GitHub account, click 
here. 


Identify Your Assets with CSAM 


Qualys CSAM accurately inventories if Log4j is installed on any of your assets or if Log4j is 
in the class path of a running java application. With CSAM, you can discover if Log4j is 
present within your environment. 


Use the following QQL query to identify such assets and create a dynamic asset tag for it: 
software: (name:“log4j” or name:“liblog4j2”) 


This tag automatically gets associated with all the targeted assets and you can execute a 
custom script on the asset scope using the same tag. 
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Create Your Custom Script for Log4Shell Detection 


You can create your own detection script or use the one posted on Qualys GitHub account 
- log4j findings.sh. 


Add Script 


Data Collection 


#/bin/sh 
if [$#-eq 0]; then 
BASEDIR="/" 


NETDIR_SCAN=false 

elif [ $#-eq 1]; then 
BASEDIR=$1 
1d SBASEDIR then 


[NM 


To learn about how to create a script, refer to the Qualys CAR Online Help. 

Once your script is reviewed and approved, you can execute the script on your scope of 
assets for Log4Shell detection. 

Initiate Evaluation with the Script Output 


Leverage the native integration of Qualys CAR with Qualys Policy Compliance to create 
‘Script Result Check’ type User Defined Controls (UDCs). Control evaluation is based on 
the defined evaluation criteria and the actual script output. 
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To achieve this, Qualys has introduced a new type of UDC called 'Script Result Check' in 
Qualys Policy Compliance. 


New Control 


Windows Control Types 


Unix Control Types > 


| Database Control Types 


Select the control you want to create. 


Unix Control Types 


O File/Directory Existence 
This control type checks for the existence of a user-specified file or directory. 


O File/Directory Permission 
This control type checks permissions that are set on a user-specified file or directory. 


© File Content Check 
This control type checks the contents of a user-specified file. 


© File Integrity Check 
This control type checks the integrity a user-specified file. 


© Unix Directory Search Check 


This control type finds files and directories that match your search parameters (i.e. name, permissions, owner, etc). 


O Directory Integrity Check 


This control type checks the integrity of Unix files at the directory level and reports hash based file integrity and snapshot updates. 


© File Content Check (Agent Only) 
This control type checks the contents of a user-specified file (wildcard file search). 


O Script Result Check (Agent Only) 


This control type collects results of the Unix scripts provided by the user. For example: Lua, Perl, Python, Shell. 


Script Result Check UDCs can be created to evaluate the output of the script and define 
the compliance and security posture of the assigned assets. 


For example, the script log4j_findings.sh would fetch the log4j version as part of its 
output. Since log4j version 2.17 or above is considered safe, you can configure the pass or 
fail value for the control by setting the default evaluation value. 


Cardinality * 


Contains 


Operator * 


Regular Expression List v 


Default Evaluation Value * 


log4j\s+2\.[1][7-9]\.[0-9] 


Lock Cardinality 


Lock Operator 


Lock Default Value 


The Qualys platform and CAR enable you to rapidly respond to security threats by 
executing custom scripts not only for detection and validation of security threats, but for 
remediations as well. 
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You can enter the remediation steps in the control to ensure that the appropriate response 
program can be carried out when the control fails. 


€ Edit Control (O) 
Rationale + a 
STEPS 2/3 | vunerapimmy. rms vuinerapimy 1s actively being expioned in tne wid. 
i E Log4j is a ubiquitous library used by millions for Java applications. Created by Ceki 
Sess: Gülcü, the library is part of the Apache Software Foundation’s Apache Logging EH 
Services project. v 
Control Information 
3664/4000 characters remaining 
3 Review And Confirm 
Cardinality * 
Contains w | |_| Lock Cardinality 
Operator * 
Regular Expression List w | | Lock Operator 
Default Evaluation Value + 
log4j\s+2\.[1][7-9]\.[0-9] |] Lock Default Value 


Remediation 


1. Update all Log4j Library to log4j 2.17.0 
2. In case the Log4j vulnerable component cannot be updated, configure the parameter 


log4j2.formatMsgNoLookups to be set to ‘true’ when starting the Java Virtual Machine. 


3785/4000 characters remaining 


Note: Script Result Check type UDCs can only be created for Approved Scripts. 


These controls define the compliance and security posture of your environment for the 
scoped assets, which is listed under the Posture tab. 


DASHBOARD POSTURE POLICIES SCANS REPORTS EXCEPTIONS ASSETS USERS 


Posture 


X control, type:WOC and (control.id:'!00820" or control.id:'100017" or control. id:*100016") 


FAILURE BY CRITICALITY 


CONTROL STATEMENT TRORNOLOGY INSTANCE 


FAIL 100017 Log4j - JNDI-Class Linux Detection Cert07 x masifmigration01.p04.e Copy of Log detection on Linux asset ` 
Jan 19,2022 ng.sjc01.qualys.com 
CRITICALITY 342594 
CRITICAL an 
FAIL 100016 — — LogdjVersion Linux Detection C087 x masifmigration01.p04.e Copy of Log detection on Lina assats 
lan 19, 2022 ng.sjc01.qualys.com 
EXCEPTION STATUS. ied 
FAIL 100017 Log4j - JNDI-Ciass Linux Detection 41057 masifmigration01.p04.e Logi detection on Linus asset 
. ng.sjc01.qualys.com 
2094 
FAIL 100016 Logéj Version Linux Detection Centos 7.x masifmigration01.p04.e Logi detection on Linux asset 
an 19, 2022 ng.sjc01.qualys.com. 
— 
FAIL 100017 Log4j - JNDI-Class Linux Detection Cent0$ 2x masifmigration01.p04.e Lopë- JND Class Linux Detection 


ng.sjcO 1. qualys.com. 
42504 


FAIL 100020 Log Jars Linux Detection Certos 7 elsdata02 p21.engscÜ Logi detecton on Liur assets 
an 19, 2022 1Aualys.com 
145257 
FAIL 100020 Log Jars Linux Detection Certos 7x elsdata02.p21.engsjeÜ Copy of Lopë detection on Linux assets 
19,2022 1.qualys.com 


£45257 


Qualys CAR comes with API support that helps you to fetch the script output in 
standardized format which can be consumed by data lakes for further correlations. 
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